It’s Not A VPN-busting Bug, It’s A Social Media Enhancer For UNIX Users
They Even Need To Be Network Adjacent To Make Use Of It!
Kidding aside, this vulnerability applies to most UNIX-based OSes, with most Linux distros, Android, iOS, macOS, FreeBSD, and OpenBSD all affected. The attacker needs to be able to intercept your data, which means they need to already be on the same network span as your machine or have control of the router or other exit point, but if they do, they can use this flaw to determine the exact SEQ and ACK numbers in your encrypted session.
That information can be used to successfully inject data, hijack the connection and possibly redirect your VPN session to imposter pages or other places on the web you really don’t want to go to. Not all VPNs are vulnerable; the researchers quoted at The Register tested this on OpenVPN, WireGuard, and IKEv2/IPSec. Check out more there.
A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.
More Tech News From Around The Web
- Guru3D Winter 2019 PC Buyer Guide
- BioShock will return, but without Ken Levine @ Ars Technica
- Microsoft starts forcing Windows 10 1809 stragglers to upgrade @ The Inquirer
- Apple: Mysterious iPhone 11 location pings were because of ‘ultra-wideband compliance’ @ The Register
- China Tells Government Offices To Remove All Foreign Computer Equipment @ Slashdot
- Oculus Quest keeps getting better, adds VR hand tracking this week @ Ars Technica
- Linux Users Can Now Use Disney+ After DRM Fix @ Slashdot